|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [suse-security] "brain dead" cert. verification kame
From: Sebastian Krahmer (krahmer
suse.de)
Date: Mon Jun 21 2004 - 03:55:24 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 18 Jun 2004, Dirk Wetter wrote:
Hi,
Yes SL 9.1 IPsec tools are affected, we are already preparing update
packages.
Sebastian
>
> Hi,
>
> seems racoon doesn't check properly for valid x509 certs (BID 10546).
> Are
> Suse 9.1 IPsec tools vulnerable? I haven't looked into the relevant
> portion of code yet, but it looks like it is. Bugtraq recommends an
> upgrade to 0.3.3 .
>
>
> Cheers,
> Dirk Wetter
>
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> New and Improved Yahoo! Mail - 100MB free storage!
> http://promotions.yahoo.com/new_mail
>
>
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmersuse.de - SuSE Security Team
~
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]